Information Security Principles

6.

Risk Management in Information Security

6.1.

Risk Management Fundamentals

6.1.1.

Risk Management Concepts

6.1.2.

Risk Management Frameworks

6.1.3.

Risk Management Lifecycle

6.1.4.

Organizational Risk Context

6.2.

Risk Identification Process

6.2.1.

Asset Identification

6.2.1.1.

Asset Inventory Methods

6.2.1.2.

Asset Classification

6.2.1.3.

Asset Valuation

6.2.2.

Threat Identification

6.2.2.1.

Threat Intelligence

6.2.2.2.

Threat Modeling

6.2.2.3.

Threat Landscape Analysis

6.2.3.

Vulnerability Identification

6.2.3.1.

Vulnerability Assessment Methods

6.2.3.2.

Vulnerability Scanning

6.2.3.3.

Penetration Testing

6.2.3.4.

Security Audits

6.3.

Risk Analysis and Assessment

6.3.1.

Risk Assessment Methodologies

6.3.2.

Qualitative Risk Analysis

6.3.2.1.

Risk Matrix Approach

6.3.2.2.

Subjective Risk Scoring

6.3.2.3.

Expert Judgment

6.3.2.4.

Scenario Analysis

6.3.3.

Quantitative Risk Analysis

6.3.3.1.

Asset Valuation Methods

6.3.3.2.

Probability Assessment

6.3.3.3.

Impact Calculation

6.3.3.4.

Annualized Loss Expectancy

6.3.3.5.

Return on Security Investment

6.3.4.

Risk Assessment Tools

6.3.5.

Risk Assessment Documentation

6.4.

Risk Treatment Strategies

6.4.1.

Risk Treatment Options

6.4.2.

Risk Mitigation

6.4.2.1.

Control Implementation

6.4.2.2.

Vulnerability Remediation

6.4.2.3.

Security Improvements

6.4.3.

Risk Acceptance

6.4.3.1.

Acceptable Risk Levels

6.4.3.2.

Risk Acceptance Criteria

6.4.3.3.

Documentation Requirements

6.4.4.

6.4.4.1.

Risk Source Elimination

6.4.4.2.

Activity Discontinuation

6.4.4.3.

Alternative Approaches

6.4.5.

6.4.5.1.

Cyber Insurance

6.4.5.2.

Outsourcing Arrangements

6.4.5.3.

Contractual Risk Transfer

6.5.

Risk Monitoring and Review

6.5.1.

Continuous Risk Monitoring

6.5.2.

Risk Indicator Tracking

6.5.3.

Periodic Risk Reviews

6.5.4.

Risk Communication

6.5.5.

6.6.

Risk Relationships

6.6.1.

Threat-Vulnerability-Risk Equation

6.6.2.

Risk Interdependencies

6.6.3.

Cascading Risk Effects

6.6.4.

Risk Aggregation

Previous

5. Security Design Principles

Go to top

Next

7. Security Policies and Governance